5 matches found
Validation Bypass
github.com/pion/dtls is vulnerable to validation bypass. The function handleIncomingPacket does not validate incoming application data with epoch 0, so it accepts unencrypted or unauthenticated data provided by a remote user after handshake completion...
CVE-2019-20786
handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion...
Design/Logic Flaw
handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion...
CVE-2019-20786
CVE-2019-20786 (Pion DTLS): The vulnerability exists in handleIncomingPacket (conn.go) of Pion DTLS prior to 1.5.2, which does not check application data with epoch 0. This allows remote attackers to inject arbitrary unencrypted data after the DTLS handshake. Affected software: Pion DTLS (versio...
CVE-2019-20786
handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion...